The DevOps and security relationship is often tense—but does it have to be? At RSA 2019, Tanya Janca explained how teams can play nice, and why they ought to.
Posted in Agile, CI/CD & DevOps, Featured | Comments Off on Tanya Janca at RSA on better AppSec: Play nice with DevOps
Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers.
Posted in Agile, CI/CD & DevOps | Comments Off on How to “shift left” with application security tools, and how not to
Hacking Security is a monthly podcast on emerging trends in application security. In Episode 4, secure development expert Meera Rao discusses DevSecOps.
Podcast: Play in new window | Download
Posted in Agile, CI/CD & DevOps, Developer Enablement, General | Comments Off on Hacking Security Episode 4: DevSecOps with Meera Rao
Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of […]
Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM) | Comments Off on Automation: One of the keys to DevSecOps
In our on-demand webinar with Binoy Das (AWS) and Dave Meurer (Synopsys), you’ll learn how to manage security in your cloud DevSecOps processes with automation.
Posted in Agile, CI/CD & DevOps, Cloud Security, General, Webinars | Comments Off on Webinar: Cloud DevSecOps with Synopsys and AWS
In our on-demand webinar with Meera Rao (Synopsys), you’ll learn how to integrate SAST into DevOps using automation to find issues early in the SDLC and support DevOps velocity.
Posted in Agile, CI/CD & DevOps, General, Static Analysis (SAST), Webinars | Comments Off on Webinar: Static analysis helps DevOps teams maintain velocity securely
In our on-demand webinar with Brendan Sheairs (Synopsys), you’ll learn about the fundamentals and challenges of building a Security Champions program to transform DevOps into DevSecOps.
Posted in Agile, CI/CD & DevOps, General, Security Training, Webinars | Comments Off on Webinar: Using Security Champions to build a DevSecOps culture within your organization
Interactive application security testing (IAST) and software composition analysis (SCA) are powerful technologies—and you need both in your security toolkit.
Posted in Agile, CI/CD & DevOps, Interactive Application Security Testing (IAST), Software Composition Analysis | Comments Off on The intersection between IAST and SCA and why you need both in your security toolkit
This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, developers are more likely to use SAST tools to improve application security when they integrate seamlessly into existing development workflows. While integration into […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST) | Comments Off on Securing applications with Coverity’s static analysis results
This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impact on application security when it supports the goals of developers, rather […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST) | Comments Off on Integrating Coverity static analysis into development workflows
Get the latest AppSec news and trends sent directly to you.
